Headless signup response is identical whether a registered or unregistered email address is supplied.
It sounds like you're running into ACCOUNT_PREVENT_ENUMERATION. In that case, the response of the endpoints is specifically chosen so that an attacker can not check whether a user accounts exist.
2137d14cec
fix(steam): error handling during OpenID discovery
4e0745582b
fix(headless/jwt): remove faulty assert
a74fbec244
fix(openid): handle InvalidOpenIDNamespace during callback
fix(steam): error handling during OpenID discovery
Okay, I've added two basic tests for the steam provider. I think that's appropriate, as the generic openid provider doesn't have redirect.
8bb2535267
fix(steam): error handling during OpenID discovery
0e9913045d
fix(steam): error handling during OpenID discovery
9eb27dc0ce
feat(idp): JWT access token support
7ae645201d
chore(deps): bump actions/checkout from 5 to 6
f1587a537f
docs(ChangeLog): added headless steam redirect
6d20f69367
feat(shopify): support
email_verified
9ae05290d2
fix(steam): error handling during OpenID discovery
bf4c4fc164
fix(steam): error handling during OpenID discovery
86d29848f5
fix(steam): error handling during OpenID discovery
beheh
pushed to openid-handle-callback-exceptions at beheh/django-allauth
2025年11月26日 14:51:07 +01:00
a74fbec244
fix(openid): handle InvalidOpenIDNamespace during callback
9eb27dc0ce
feat(idp): JWT access token support
7ae645201d
chore(deps): bump actions/checkout from 5 to 6
f1587a537f
docs(ChangeLog): added headless steam redirect
6d20f69367
feat(shopify): support
email_verified
beheh
pushed to openid-handle-callback-exceptions at beheh/django-allauth
2025年11月26日 14:47:02 +01:00
2bb0246c37
fix(openid): handle InvalidOpenIDNamespace during callback
fix(steam): error handling during OpenID discovery
I'll still add a test for this.
fix(openid): handle InvalidOpenIDNamespace during callback
beheh
pushed to openid-handle-callback-exceptions at beheh/django-allauth
2025年11月26日 12:26:02 +01:00
965cd9b3b6
fix(openid): handle InvalidOpenIDNamespace during callback
beheh
pushed to openid-handle-callback-exceptions at beheh/django-allauth
2025年11月26日 12:21:20 +01:00
93427f67e0
fix(openid): handle InvalidOpenIDNamespace during callback
beheh
created branch openid-handle-callback-exceptions in beheh/django-allauth
2025年11月26日 12:21:20 +01:00
fix(steam): error handling during OpenID discovery
I'm also aware of another similar case in the callback view, where client.begin can throw when the user-supplied parameters are invalid. Not sure if you also want that here, on in a separate PR.
fix(steam): error handling during OpenID discovery
0323dadfee
fix(steam): error handling during OpenID discovery
90f985f1b8
fix(steam): error handling during OpenID discovery
050d8f8def
feat(steam): support headless login via redirect
73fd51e101
chore: opening 65.14.0-dev